DETAILED ACTION

Response to Amendment 
This office action is in response to the request for reconsideration filed on January 01, 2006.
Original application contained Claims 1-50. Applicant previously amended Claims 5-6, 42-50,
and added new Claims 51-59. Applicant currently amended Claims 1, 3, 11, 16, 25, 41, 58, and
added a new Claim 60. The amendment filed on January 01, 2006 has been entered and made of
record. Presently Claims 1-60 are pending for consideration.

Response to Arguments 
Applicant's arguments filed on January 01, 2006 have been fully considered but they are 
not persuasive because of the following reasons: 

Regarding the claimed invention, applicants argued that the system of the cited prior art
(CPA) [Ooki et al. (U.S. Patent 5,822,518), Dustan et al. (U.S. Patent 5,884,312), Sprecher (U.S.
Patent 5,285,494) and Dauerer et al. (U.S. Patent 5,627,967)] does not teach the subject matter
as claimed.

1. Regarding Claims 1, 3-6, 8-12, 14, 25-34, 36-42, and 50, applicant argued that although Ooki
uses a privilege table to identify access privileges of users, the privileges are related to specific
restricted data, not to a particular function of a particular software application. This is not found
persuasive. Ooki clearly teaches a system to control reference of the secret part of user data based on
the security rank of the user. The system and method of Ooki teaches an automatic security verification
and removal method which involves obtaining generalized description of original and new data
sample pairs with transformation finding invariant regions in samples for restoration. The method
involves transmitting a reference demand of the user data of other system published by a
computer to an ID converter through a first ID management part. The ID converter converts the
user ID in the demand to a guest ID by referring to an ID conversion table and sends the demand to
a second user ID management part. The management part checks whether the guest ID is
registered in a user ID table; when it is confirmed to be registered, the reference demand is given to
a security check part and to a user data management part. The demanded user data is then
referred (col. 2 line 6 to col. 3 line 21, and col. 5 line 16 to col. 6 line 61).

2. Regarding the obviousness rejection based on the combined system of Ooki, Dustan, Sprecher, and
Dauerer, applicant argued that the combined system does not teach entitlement of users to access a
particular function of a particular software application, as described in claims 2, 7, 13, 15-24,
35, and 43-48. This is not found persuasive. The system of Ooki, Dustan, Sprecher, and Dauerer
clearly teaches a system to control reference of the secret part of user data based on the security rank of
the user (Ooki: col. 2 line 6 to col. 3 line 21, and col. 5 line 16 to col. 6 line 61; Dustan: col. 8 line 56-59,
and col. 13 line 36 to line 40; Sprecher: col. 1 line 60 to 68; Dauerer: col. 1 line 44 to line 50).

As a result, cited prior art does implement and teach a system and method that 
relates to an application for protecting software applications and their underlying proprietary data 
as broadly recited in claims. 
Applicants still have failed to explicitly identify specific claim limitations, which
would define a patentable distinction over prior arts. 

The examiner is not trying to teach the invention but is merely trying to interpret the claim
language in its broadest reasonable meaning. The examiner will not read the claim language
narrowly so that it reads exactly from the specification, but will interpret the claim
language in the broadest reasonable interpretation in view of the specification. Therefore, the
examiner asserts that the cited prior art does teach or suggest the subject matter recited in
the independent and dependent claims. Accordingly, rejections for claims 1-60 are respectfully
maintained.



Claim Rejections - 35 USC § 102 

12. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

13. Claims 1, 3-6, 8-12, 14, 25-34, 36-42, 49, 50, 51-53, and 55-60 are rejected under 35 U.S.C.
102(b) as being anticipated by Ooki et al. (U.S. Patent 5,822,518).

14. With respect to claim 1, Ooki et al. disclose a system for selectively granting access to the
functionality of plurality of software applications, comprising: 

A first memory configured to store first data related to each of the plurality of software 
applications (column 3, lines 13-18). 

second data specifying entitlements of each of the plurality of users to access functions of 
the software applications (column 2, lines 6-10; column 3, lines 18-21); and 

A rules checker (item 13) in communication with the software applications and the first 
memory, said rules checker configured to: 

Receive at least one query, said query originating from any particular one of the
software applications, wherein the query is generated in response to an input received from one
of the plurality of users with respect to the particular software application (column 5, lines 16-20),
and

Forward a message to the particular software application in response to the query,
wherein the message is generated based on the query and the second data (column 5, lines 24-25),

Wherein said message provides instructions to the particular software application 
regarding entitlements of one of the plurality of users to access a particular function of the 
particular software application (column 6, lines 3-9). 

15. With respect to claim 3, Ooki et al. disclose a system, wherein each of the plurality of
software applications is implemented on one of a mainframe and a distributed computing
system (Figure 1, items 10 and 90; A distributed computing system is one in which different
functionality that comprises an application may be located in different components of the system.
In Figure 1, two different servers are connected via a network in one system in order to carry out 
the functionality of the system.). 



16. With respect to claim 4, Ooki et al. disclose a system, further comprising: 

A second memory configured to store proprietary data useful to the particular software
application (column 6, lines 14-18), and

Wherein said message provides information to the particular software application
regarding authorization to output portions of the proprietary data (column 6, lines 3-9, lines 12-13).



17. With respect to claim 5, Ooki et al. disclose a system, wherein the respective first data for 
each software application includes an identification of hierarchically arranged functions 
associated with that software application (column 6, lines 54-61). 



18. With respect to claim 6, Ooki et al. disclose a system, wherein the query further comprises 
information relating to the one of the users and relating to at least one of the functions associated 
with the particular software application (column 5, lines 16-20), and 
Wherein the message relates to that one user's authorization to access the at least one 
functions (column 6, lines 3-9). 



19. With respect to claim 8, Ooki et al. disclose a system, wherein the respective first data for 
each software application includes an identification of data fields associated with that software
application (column 4, lines 31-35). 

20. With respect to claim 9, Ooki et al. disclose a system, wherein the query further comprises 
information relating to one of the users and relating to at least one of the data fields associated 
with the particular software application (column 5, lines 10-20), and 

Wherein the message relates to that one user's authorization to access the at least one 
field (column 4, lines 31-35; column 6, lines 3-9).

21. With respect to claim 10, Ooki et al. disclose a system, wherein the rules checker is further 
configured to: 

Generate the message based on the query, the first data and the second data (column 6, 
lines 3-9). 

22. With respect to claim 11, Ooki et al. disclose a system, wherein: 

The respective second data for each of the users includes at least one role, from among a 
plurality of roles, associated with that particular user (column 2, lines 18-23), and 

The respective first data for each software application includes: 

An identification of hierarchically arranged functions associated with that 
software application (column 2, lines 18-23), and

A description of which of the plurality of roles is entitled to access each of the 
functions (column 2, lines 18-23).

23. With respect to claim 12, Ooki et al. disclose a system, wherein:

The query includes an identification of a specific one of the users and a specific one of 
the functions associated with the particular software application (column 5, lines 16-20); 

The rules checker is further configured to generate the message based on the query, the
first data and the second data (column 6, lines 3-9); and 

The message instructs the particular software application regarding that specific user's 
entitlement to access that specific function (column 6, lines 3-9). 

24. With respect to claim 14, Ooki et al. disclose a system, wherein the respective second data 
for each of the users includes an access level from among a plurality of access levels associated 
with that particular user (column 2, lines 18-23), said access level determining an authorization
of that particular user to access proprietary data within the second memory (column 2, lines 18-25),
and

The rules checker is further configured to generate the message based on the query, the 
first data and the second data (column 6, lines 3-9). 

25. With respect to claim 25, Ooki et al. disclose a method for providing application-level 
security, said method comprising the steps of: 

Storing first data relating to a plurality of software applications (column 3, lines 13-18); 
Storing second data specifying entitlements of each of a plurality of users to access
functions of the software applications (column 2, lines 6-10; column 3, lines 18-21);

Receiving a query from a particular one of the software applications, wherein the query is
generated in response to an input from one of the plurality of users with respect to the particular
software application (column 5, lines 10-20);

In response to the query, forwarding a message to the particular software application, said 
message being generated based on the second data and the query, and providing instructions to 
the particular software application regarding entitlements of the one of the plurality of users to 
access a function of the particular software application (column 5, lines 24-25). 

26. With respect to claim 26, Ooki et al. disclose a method, further comprising the step of: 

Generating the message based on the query, the first data and the second data (column
6, lines 3-9). 

27. With respect to claim 27, Ooki et al. disclose a method, wherein the query includes an 
identification of the particular user and the function (column 5, lines 10-20). 

28. With respect to claim 28, Ooki et al. disclose a method, wherein the second data includes for 
each user, one or more of an associated user ID, client name, role, and business level (column 4, 
lines 23-28). 

29. With respect to claim 29, Ooki et al. disclose a method, wherein the first data includes for 
each software application an identification of associated hierarchically arranged functions and 
characteristics of those users authorized to access each such function (column 6, lines 54-61).

30. With respect to claim 30, Ooki et al. disclose a method, further comprising the steps of: 

Correlating the first and second data to determine authorized functions, said authorized 
functions being those particular functions of each software application which are accessible by a 
specified user (column 5, lines 20-25; column 3, lines 20-25);

Generating the message based on the query and the determination of authorized functions 
(column 6, lines 3-9), wherein said query includes an identification of the particular user and the 
function (column 5, lines 10-20). 

31. With respect to claim 31, Ooki et al. disclose a method, wherein the first data includes for 
each software application an identification of associated data fields and characteristics of 
entitlements of users to each data field (column 3, lines 20-25). 

32. With respect to claim 32, Ooki et al. disclose a method, further comprising the steps of: 

Correlating the first and second data to determine authorized data field operations, said 
authorized operations being those particular operations of each data field which are permitted to 
a specified user (column 5, lines 20-25; column 3, lines 20-25); and 

Generating the message based on the query and the determination of authorized 
operations (column 6, lines 3-9), wherein said query includes an identification of the particular 
user and of a predetermined data field (column 5, lines 10-20).

33. With respect to claim 33, Ooki et al. disclose a method, further comprising the steps of:

Storing proprietary data useful to the plurality of the software applications (column 3, 
lines 13-18); and 

Storing third data relating to accessibility of the proprietary data (column 3, lines 21-27). 

34. With respect to claim 34, Ooki et al. disclose a method, further comprising the steps of: 

Correlating the first, second and third data to determine authorized data accesses, said 
authorized data accesses being those particular data accesses of the proprietary data which are 
permitted to a specified user (column 5, lines 60-67 to column 6, lines 1-9); and 

Generating the message based on the query and the determination of authorized data 
accesses (column 6, lines 3-9), wherein said query includes an identification of the particular
user and of predetermined proprietary data (column 5, lines 10-20). 

35. With respect to claim 36, Ooki et al. disclose a method, further comprising the step of: 

Administering the first and second data by manipulating one or both of the first and 
second data according to which of a plurality of clients the plurality of the users is associated 
with (column 1, lines 23-26). 

36. With respect to claim 37, Ooki et al. disclose a method, further comprising the step of: 

Administering the first and second data by manipulating one or both of the first and 
second data according to the identity of a particular one of the users (column 2, lines 19-20; 
column 4, lines 23-28).

37. With respect to claim 38, Ooki et al. disclose a method, further comprising the step of:

Administering the first and second data by manipulating one or both of the first and 
second data according to which of a plurality of roles the plurality of the users is associated with 
(column 2, lines 19-20). 

38. With respect to claim 39, Ooki et al. disclose a method, further comprising the step of: 

Administering the first and second data by manipulating all the first data relating to a 
specific one of the software applications (column 6, lines 54-61). 

39. With respect to claim 40, Ooki et al. disclose a method, further comprising the step of: 

Administering the first and second data by manipulating all the first data relating to one 
of a plurality of functions associated with a specific one of the software applications (column 6, 
lines 54-61). 

40. With respect to claim 42, Ooki et al. disclose a method, further comprising: 

A non-volatile data store indicating a hierarchical arrangement of the plurality of access
levels (column 4, lines 31-35), and

Wherein the rules checker is further configured to consult the data store when
determining the authorization of that particular user (column 6, lines 3-9).

41. With respect to claim 49, Ooki et al. disclose a method, wherein the authorization of the 
particular user to access proprietary data depends, at least in part, on the particular software
application identity (column 4, lines 31-35). 

42. With respect to claim 50, Ooki et al. disclose a method, wherein the authorization of the 
particular user to access proprietary data depends, at least in part, on the particular function 
identity (column 6, lines 12-17). 

43. With respect to claim 41, Ooki et al. disclose a computer readable medium bearing
instructions for providing application-level security, said instructions being arranged to cause 
one or more processors upon execution thereof (column 3, lines 63-67) to perform the steps of: 

Storing first data relating to a plurality of software applications (column 3, lines 13-18); 

Storing second data specifying entitlements of each of a plurality of users to access 
functions of the software applications (column 2, lines 6-10; column 3, lines 18-21); 

Receiving a query from a particular one of the software applications, wherein the query
is generated in response to an input from one of the plurality of users with respect to the 
particular software application (column 5, lines 10-20); 

In response to the query, forwarding a message to the particular software application, said 
message being generated based on the second data and the query, and providing instructions to 
the particular software application regarding entitlements of the one of the plurality of users 
(column 5, lines 24-25). 

44. With respect to claim 51, Ooki et al. disclose wherein the one of the users utilizes a remote
system to access the particular function of the particular software application, and is not signed
on to the operating system based on which the rules checker operates (Figure 1, items 10 and 90; 
A distributed computing system is one in which different functionality that comprises an 
application may be located in different components of the system. In Figure 1, two different 
servers are connected via a network in one system in order to carry out the functionality of the 
system). 

45. With respect to claim 52, Ooki et al. disclose a system wherein the one of the users is an
organization, and the second data specifies entitlements of the organization to access one or more 
functions of the particular software application, and entitlements of at least one individual user in 
the organization to access at least one of the one or more functions of the particular software 
application that the organization is entitled to access (column 5, lines 16-20, and column 6 lines 
3-9). 

46. With respect to claim 53, Ooki et al. disclose a system wherein the one of the users is an
organization having associated proprietary data; the second data includes an access level 
associated with an individual user within the organization, wherein the access level is selected 
from among a plurality of access levels arranged in a hierarchical structure, and specifies an 
authorization to access at least part of the proprietary data associated with the organization; and 
the individual user is entitled to access all data accessible to an access level hierarchically 
subordinate to the access level associated with the individual user (column 2 line 18-23, and 
column 6 line 3-18).

47. With respect to claim 55, Ooki et al. disclose a system wherein the access level is assigned
to the individual user based on the individual user's role within the organization or the individual 
user's job function (column 5 line 16-20, and column 6 lines 3-9). 

48. With respect to claim 56, Ooki et al. disclose a system wherein the one of the users is an
organization having associated proprietary data; and the second data specifies an authorization 
granted to an individual user of the organization to access at least part of the proprietary data 
associated with the organization, based on a function to be performed by the individual user 
(column 5 lines 16-20, and column 6 lines 3-18). 

49. With respect to claim 57, Ooki et al. disclose a system wherein the message includes that
one user's authorized action on the at least one field, or the appearance of the at least one field to 
that one user (column 4, lines 31-35, column 5 lines 10-20, and column 6 lines 3-9). 

50. With respect to claim 58, Ooki et al. disclose a system wherein the entitlements of the
plurality of users are dynamically configurable without the need to have a specific user to sign- 
off and sign-on again (Figure 1, items 10 and 90; A distributed computing system in which 
different functionality that comprises an application may be located in different components of 
the system. In Figure 1, two different servers are connected via a network in one system in order 
to carry out the functionality of the system without the need to sign-on/sign-off again). 

51. With respect to claim 59, Ooki et al. disclose a system wherein the one of the users is an
organization, and the second data specifies entitlements of the organization to access one or more 
functions of the particular software application, and entitlements of a role of the organization to 
access at least one of the one or more functions of the particular software application that the
organization is entitled to access; and at least one individual user of the organization is assignable
to the role (column 6, line 3-18, and column 2, lines 18-23).

52. With respect to claim 60, Ooki et al. disclose a system for granting access to the
functionality of one or more software applications, comprising:

a first memory configured to store first data related to each of the one or more software
applications (column 3, lines 13-18);

the first memory further configured to store second data related to each of one or more
users of any of the software applications (column 2, lines 6-10; column 3, lines 18-21); and a
rules checker (item 13) in communication with the software applications and the first memory,
said rules checker configured to:

receive at least one query, said query originating from any particular one of the
software applications (column 5, lines 16-20), and

forward a message to the particular software application in response to the query (column
5, lines 24-25);

wherein said message provides instructions to the particular software application
regarding entitlements of one of the users to access a particular function of the particular
software application, based on the role of the one of the users or a function to be performed by
the one of the users (column 6, lines 3-9).

Claim Rejections - 35 USC § 103

44. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

45. Claims 1-50 are rejected under 35 U.S.C. 103(a) as being unpatentable over Rosenow et al. 
(U.S. Patent 5,483,596) in view of Imai et al. (U.S. Patent 5,870,467). The grounds for this 
rejection can be found in Form 409 corresponding with the PCT application PCT/US01/43116.

46. Claims 2, 13, 15-20, 35 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ooki 
et al. (U.S. Patent 5,822,518) in view of Dustan et al. (U.S. Patent 5,884,312). 

47. Ooki et al. and Dustan et al. are analogous art because both are in the field of electronic 
communication. 

48. With respect to claim 2, Ooki et al. do not disclose a system, wherein the first memory is a 
relational database. 

Dustan et al. disclose a system, wherein the first memory is a relational database (column 12, 
lines 55-57). 

49. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Dustan et al. with the teachings of Ooki et al. in order to receive
instructions from scripts at a web server (column 12, lines 57-60). 

50. With respect to claim 13, Ooki et al. do not disclose a system, wherein the rules checker logs 
data relating to an instance in which the specific user is not entitled to access that specific 
function. 

Dustan et al. disclose a system, wherein the rules checker logs data relating to an instance in
which the specific user is not entitled to access that specific function (column 13, lines 10-15). 

51. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Dustan et al. with the teachings of Ooki et al. in order to record 
the processes and activities in the system (column 16, lines 38-40). 

52. With respect to claim 15, Ooki et al. do not disclose a system, further comprising: 
An administrative application configured to facilitate administration of the first and 
second data. 

Dustan et al. disclose a system, further comprising:

An administrative application configured to facilitate administration of the first and 
second data (column 8, lines 56-69; column 13, lines 26-28). 

53. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Dustan et al. with the teachings of Ooki et al. in order to provide 
a common interface to access disparate data sources (column 4, lines 29-31).

54. With respect to claim 16, Ooki et al. disclose a system further comprising: 
Administering the first and second data by manipulating one or both of the first and 
second data according to which of a plurality of clients the plurality of the users is associated 
with (column 1, lines 23-26). 

55. Ooki et al. do not disclose a system, wherein an administrative application administers the 
data. 

Dustan et al. disclose a system, wherein the administrative application administers the data
(column 8, lines 56-69; column 13, lines 26-28). 

56. The motivational benefits of having combined the teachings of Dustan et al. with the 
teachings of Ooki et al. are disclosed above. 

57. With respect to claim 17, Ooki et al. disclose a system further comprising:
Administering the first data by manipulating one or both of the first and second data 
according to an identity of a particular one of the users (column 2, lines 19-20; column 4, lines 
23-28). 

58. Ooki et al. do not disclose a system, wherein an administrative application administers the 
data.

Dustan et al. disclose a system, wherein the administrative application administers the data
(column 8, lines 56-69; column 13, lines 26-28). 

59. The motivational benefits of having combined the teachings of Dustan et al. with the 
teachings of Ooki et al. are disclosed above. 

60. With respect to claim 18, Ooki et al. disclose a system further comprising: 

Administering the first data by manipulating one or both of the first and second data 
according to which of a plurality of roles a particular one of the users is associated with (column 
2, lines 19-20).

61. Ooki et al. do not disclose a system, wherein an administrative application
administers the data.

Dustan et al. disclose a system, wherein the administrative application administers the data
(column 8, lines 56-69; column 13, lines 26-28). 

62. The motivational benefits of having combined the teachings of Dustan et al. with the 
teachings of Ooki et al. are disclosed above. 

63. With respect to claim 19, Ooki et al. disclose a system further comprising:
Administering the first data by manipulating one or both of the first and second data 
according to which of a plurality of roles a particular one of the users is associated with (column 
2, lines 19-20).

64. Ooki et al. do not disclose a system, wherein an administrative application administers the
data.

Dustan et al. disclose a system, wherein the administrative application administers the data
(column 8, lines 56-69; column 13, lines 26-28). 

65. The motivational benefits of having combined the teachings of Dustan et al. with the 
teachings of Ooki et al. are disclosed above. 

66. With respect to claim 20, Ooki et al. disclose a system further comprising:
Administering the first and second data by manipulating all the first data relating to one
of a plurality of functions associated with a specific one of the software applications (column 6,
lines 54-61).

67. Ooki et al. do not disclose a system, wherein an administrative application administers the 
data. 

Dustan et al. disclose a system, wherein the administrative application administers the data
(column 8, lines 56-69; column 13, lines 26-28). 

68. The motivational benefits of having combined the teachings of Dustan et al. with the 
teachings of Ooki et al. are disclosed above.

69. With respect to claim 35, Ooki et al. do not disclose a system, further comprising the step of: 
Creating a log entry relating to the message if the message indicates instructions which
prohibit the particular software application access to the function.

Dustan et al. disclose a system, further comprising the step of:

Creating a log entry relating to the message if the message indicates instructions which 
prohibit the particular software application access to the function (column 13, lines 10-15).

70. The motivational benefits of having combined the teachings of Dustan et al. with the 
teachings of Ooki et al. are disclosed above. 

71. Claims 21-24, 43-45 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ooki et
al. (U.S. Patent 5,822,518) and Dustan et al. (U.S. Patent 5,884,312) in view of Sprecher (U.S. 
Patent 5,285,494). 

72. Ooki et al., Dustan et al. and Sprecher are all analogous art because all are in the field of
electronic communication. 

73. With respect to claim 21, Ooki et al. and Dustan et al. do not disclose a system, further 
comprising: 

An auditing application configured to facilitate auditing of the first and second data and 
any additional data generated by the rules checker. 
Sprecher discloses a system, further comprising:

An auditing application configured to facilitate auditing of the first and second data and
any additional data generated by the rules checker (column 5, lines 66-68).

74. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Sprecher with the combined teachings of Ooki et al. and Dustan 
et al. in order to utilize real-time and historical data for analysis (column 1, lines 54-55). 

75. With respect to claim 22, Ooki et al. and Dustan et al. do not disclose a system, wherein the 
auditing application is further configured to provide a history, upon request, of messages 
forwarded by the rules checker. 

Sprecher discloses a system, wherein the auditing application is further configured to provide a 
history, upon request, of messages forwarded by the rules checker (column 7, lines 20-22). 

76. The motivational benefits of having combined the teachings of Sprecher with the combined 
teachings of Ooki et al. and Dustan et al. are disclosed above. 

77. With respect to claim 23, Ooki et al. and Dustan et al. do not disclose a system, wherein the 
history emphasizes those messages related to a failed attempt to access the particular function. 
Sprecher discloses a system, wherein the history emphasizes those messages related to a failed 
attempt to access the particular function (column 7, lines 30-31). 

78. The motivational benefits of having combined the teachings of Sprecher with the combined 
teachings of Ooki et al. and Dustan et al. are disclosed above. 

79. With respect to claim 24, Ooki et al. do not disclose a system, wherein the auditing 
application is further configured to provide a history, upon request, of changes to one or both of 
the first data and the second data. 

80. Dustan et al. discloses a system, wherein the history consists of changes to one or both of the 
first data and second data (column 14, lines 24-26). 

81. Dustan et al. do not disclose a system, wherein the auditing application is further configured 
to provide a history, upon request, of any historical data after a certain date. 
Sprecher discloses a system, wherein the auditing application is further configured to provide a 
history, upon request, of any historical data after a certain date (column 8, lines 7-9). 

82. The motivational benefits of having combined the teachings of Sprecher with the combined 
teachings of Ooki et al. and Dustan et al. are disclosed above. 

83. With respect to claim 43, Ooki et al. do not disclose a system, wherein the auditing 
application is further configured to provide real-time data logging and retrieval. 
Sprecher discloses a system, wherein the auditing application is further configured to provide 
real-time data logging and retrieval (column 1, lines 55-61). 

84. The motivational benefits of having combined the teachings of Sprecher with the combined 
teachings of Ooki et al. and Dustan et al. are disclosed above. 

85. With respect to claim 44, Ooki et al. and Dustan et al. do not disclose a system, wherein any 
updates to data within the relational database are performed in real-time and the rules checker is 
further configured to use the updated data. 

Sprecher discloses a system, wherein any updates to data within the relational database are 
performed in real-time and the rules checker is further configured to use the updated data 
(column 1, lines 55-61). 

86. The motivational benefits of having combined the teachings of Sprecher with the combined 
teachings of Ooki et al. and Dustan et al. are disclosed above. 

87. With respect to claim 45, Ooki et al. discloses a system, wherein the particular software 
application is configured to: 

Provide in the query to the rules checker a user identity and a secured resource identity 
(column 5, lines 16-20); 

Receive from the rules checker the message forwarded by the rules checker (column 5, 
lines 24-25); and 

Determine the entitlements of the user to access the secured resource (column 6, lines 3-9). 

88. Ooki et al. and Dustan et al. do not disclose a system, wherein the particular software 
application is a simulation application. 

Sprecher discloses a system, wherein the particular software application is a simulation 
application (column 1, line 68). 

89. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Sprecher with the combined teachings of Ooki et al. and Dustan 
et al. in order to generate models of optimum conditions for potential market areas (column 4, 
lines 38-40). 

90. Claims 7, 46-48, and 54 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ooki 
et al. (U.S. Patent 5,822,518) in view of Dauerer et al. (U.S. Patent 5,627,967). 

91. Ooki et al. and Dustan et al. are analogous art because both are in the field of electronic 
communication. 

92. With respect to claims 7 and 54, Ooki et al. do not disclose a system, wherein the 
identification of hierarchically arranged functions include functions, sub-functions, and sub-sub 
functions of the organization. 

Dauerer et al. disclose a system, wherein the identification of hierarchically arranged functions 
include functions, sub-functions, and sub-sub functions (column 1, lines 44-50). 

93. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Dauerer et al. with the teachings of Ooki et al. in order to 
provide efficient satisfaction of the basic requirements of the system (column 1, lines 44-46). 

94. With respect to claim 46, Ooki et al. do not disclose a system, wherein the query requests a 
listing of entitlements for the one user, said listing identifying the entitlements for every function 
associated with the one user, and wherein the message includes said listing. 

Dauerer et al. disclose a system, wherein the query requests a listing of entitlements for the one 
user, said listing identifying the entitlements for every function associated with the one user, and 
wherein the message includes said listing (column 2, lines 49-51; column 4, lines 58-60, lines 
62-67). 

95. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Dauerer et al. with the teachings of Ooki et al. in order to defer 
updating the entire system or larger access lists (column 5, lines 2-6). 

96. With respect to claim 47, Ooki et al. do not disclose a system, wherein query includes 
filtering parameters such that the listing includes only those entitlements that satisfy the filtering 
parameters. 

Dauerer et al. disclose a system, wherein query includes filtering parameters such that the listing 
includes only those entitlements that satisfy the filtering parameters (column 7, lines 51-53). 

97. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Dauerer et al. with the teachings of Ooki et al. in order to 
simplify the maintenance of the master list (column 7, lines 48-50). 

98. With respect to claim 48, Ooki et al. do not disclose a system, wherein the filtering 
parameters specify one or more of a user role, a function identity, an application identity, and a 
user identity, and a data access level. 

Dauerer et al. disclose a system, wherein the filtering parameters specify one or more of a user 
role, a function identity, an application identity, a user identity, and a data access level (column 
7, lines 38-50). 

99. The motivational benefits of having combined the teachings of Dauerer et al. with the 
teachings of Ooki et al. are disclosed above. 



Application/Control Number: 09/988,009 
Art Unit: 2131 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Syed Zia whose telephone number is 571-272-3798. The 
examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 